[hoong]

But the BB device don't care if the IP change or maintain an open connection.

I agree providing options is good, but doing efficient messaging is part of RIM DNA, if you request this feature, they will probably reply why you want to get a BB without a BB messaging service?? IMHO

And having yet another option to mingle with can actually screws up the usability pretty badly.

[Reed McLay]

...
How about we just get rid of the NOC completely? Make the BB device capable of working both as NOC hosted and not. That way it's up to the user as to how they have their device configured and THEY choose how their security works. If they choose proxy based, they can benefit from better battery life and current other benefits. If they choose direct connect, then they choose to deal with more data usage and worse battery life. I can tell you this... from what I've seen on the BB platform from chat programs and other apps that hold a constant data connection open, a BB's battery gets killed off way faster in this configuration then any other Smartphone on the market that works the same way. I believe that if RIM was to flip the switch on all BBs and make them work as hard as other Smartphones do now, we'd see battery life fall so hard, you wouldn't be able to use a BB but for a few hours before a charge was required.

Trust me on this one... a chat program I had installed on an old 8830 that wasn't push based, but kept a constant keepalive connection to the various chat servers (i.e. MSN, Yahoo, AIM, etc.) killed the battery on that device in a few hours easy. It was slightly worse then if you were on the phone the entire time... yes, that bad.

Get rid of the NOC and you have every third World Nations dream...a chicken in every pot, and a sniffer on every server. George Orwell's 1984 becomes non-fiction.

Battery life is not the issue. Keeping your head, while flirting with the opposite sex, is the issue in KSA. Literally.

They know nothing about encryption and which nation hold the servers, they care about not attracting the attention of the Morality Police.

[Jake Storm]

lol, RIM doesn't tell you why a Blackberry outage happens when it happens. Do you honestly think they'll tell you anything about such dealings?

I'll agree that we seem to be getting a "two-faced" view of RIM currently. They're so scared that they'll lose market share that they'll do ANYTHING to keep/secure it... ANYTHING. That's not good in my book.

LOL. Now how can they be "two-faced" if they're not telling us anything?

[shabbs]

lol, RIM doesn't tell you why a Blackberry outage happens when it happens. Do you honestly think they'll tell you anything about such dealings?

I'll agree that we seem to be getting a "two-faced" view of RIM currently. They're so scared that they'll lose market share that they'll do ANYTHING to keep/secure it... ANYTHING. That's not good in my book.

Well, we've seen nothing official from RIM that suggests they would give up anything that would compromise the security in their BlackBerry environment. The day they do that, is the day they lose their status and most likely a ton of business.

This story about RIM offering up "codes" to give Saudi Arabia access to BBM info is getting some legs and a lot of places are carrying it. Personally, I don't buy it.

Perhaps this story has more merit:

Olive: RIM rolls over Saudi snoops - thestar.com

RIM will help them "monitor" the traffic, but won't help them decode/decipher it.

[JRSCCivic98]

But the BB device don't care if the IP change or maintain an open connection.

I agree providing options is good, but doing efficient messaging is part of RIM DNA, if you request this feature, they will probably reply why you want to get a BB without a BB messaging service?? IMHO

And having yet another option to mingle with can actually screws up the usability pretty badly.

And neither do the other Smartphone devices out there. The IPs can change on them as well and it won't affect your push email whatsoever. The connections are made from the client to the server just like your PC does. Your email doesn't stop flowing in just because your IP on your computer changes, does it? lol I think you're overlooking some pretty basic network infrastructure requirements here before you even get to the PIN usage on a BB. Without a TCP/IP stack connection from the carrier or another Internet Gateway, a BB wouldn't function.

Get rid of the NOC and you have every third World Nations dream...a chicken in every pot, and a sniffer on every server. George Orwell's 1984 becomes non-fiction.

Battery life is not the issue. Keeping your head, while flirting with the opposite sex, is the issue in KSA. Literally.

They know nothing about encryption and which nation hold the servers, they care about not attracting the attention of the Morality Police.

So basically, you're saying that BB is secure, but EVERYTHING else isn't or cannot be... (this includes standard servers and PCs as well). I don't think you're correct on that one....

[rk_sporty]

I don't get it, this is a bad thing?

All phones are controlled by the carriers, who do you think sells them and allows them to work?

I said it in another thread and I'll say it here, this whole USA thing is a NON-ISSUE. Why anyone cares is completely beyond me. They already monitor all other communications on other phones and regular phone calls on the BB, so what? I guess RI should give up half the global market to competitors and die so we can feel good about ourselves?

Feel good about what? Thank God they can't see BBM's, let's sit back and watch the latest YouTube video of a 14 year old being stoned to death for getting into a car without a male relative with her.

Sorry, but this whole "issue" is really sad and it's time we forgot about it.

Well said!

[Reed McLay]

...

So basically, you're saying that BB is secure, but EVERYTHING else isn't or cannot be... (this includes standard servers and PCs as well). I don't think you're correct on that one....

Strong encryption is capable of securing communications over the internet, but few sites routinely use it. That also applies to mobile devices, it can be done, but it is not routine.

Ms Albedah said the use of BlackBerry IM undermines traditional Islamic values of the country, where religious police bar unmarried couples from meeting in public.

"If your mother and father don't want you to speak with [certain people], having a BlackBerry will provide you with the opportunity for freedom," she told ninemsn.

"Parents want to control young people."

...

The options for mobile messaging are SMS text, email and BlackBerry Messenger. It is clear, the first two attacks the Morality Police, the other does not.

At this point, it hardly matters what Research in Motion does or does not do in KSA. The population has been told BlackBerry Messenger is being monitored by the state.

Would you bet your life against it?

[Radius]

I have a simple question. I've read enough of these threads and no one has really addressed this.

Besides a simple philosophical disagreement over "privacy", what exactly is the issue here?

I real a lot about RIM remaining true to itself (paraphrased), but to me that means it meets stockholder expectations and makes money in its field. And I've also read the misguided arguments about so-called privacy when most people don't even realize they have none even using a BB.

So... what is the issue with RIM letting a country view the data that is generated within it or sent to it as is its sovereign right if their laws so allow?

[mnj-ksa]

LOL it's so funny how you all think that u know the truth behind this issue
hello wake up Saudi Arabia only want what rim gave other nations (in top of the other nations is ur "free country") CAN'T YOU SEE !
hahahaha and you tough ur bbm is not monitored

A Saudi BBm user

[shabbs]

So... what is the issue with RIM letting a country view the data that is generated within it or sent to it as is its sovereign right if their laws so allow?

As far as I can tell, nothing is stopping them from looking at it now... it's being sent via their own infrastructure on it's way to RIM's Servers in Canada. The issue is that it's encrypted / scrambled depending on what is being sent (BES email vs BBM and PIN-PIN messages).

Maybe they don't know how to look at it? I don't know. RIM can help them to understand how to look at it, but can't help them decrypt it. As for the unscrambling of BBM and PIN-to-PIN messages, that can probably be done pretty easily since it uses a global key. Would be interested to know if RIM has helped them understand how to do that.

It's been suggested that the Saudi Govt wants to monitor these lines of communications (BBM in particular) in order to ensure religious morals are not being broken among the youth as well as helping to suppress coordinated protests etc... I'm not sure how likely that is as I don't have a good understanding of the political/religious environment over there.

There's a lot of guessing going on here... perhaps mnj-ksa can enlighten us some more.

[Radius]

As far as I can tell, nothing is stopping them from looking at it now... it's being sent via their own infrastructure on it's way to RIM's Servers in Canada. The issue is that it's encrypted / scrambled depending on what is being sent (BES email vs BBM and PIN-PIN messages).

Maybe they don't know how to look at it? I don't know. RIM can help them to understand how to look at it, but can't help them decrypt it. As for the unscrambling of BBM and PIN-to-PIN messages, that can probably be done pretty easily since it uses a global key. Would be interested to know if RIM has helped them understand how to do that.

It's been suggested that the Saudi Govt wants to monitor these lines of communications (BBM in particular) in order to ensure religious morals are not being broken among the youth as well as helping to suppress coordinated protests etc... I'm not sure how likely that is as I don't have a good understanding of the political/religious environment over there.

There's a lot of guessing going on here... perhaps mnj-ksa can enlighten us some more.

There is always rumor, and that's the fun part. Maybe I should ask my coworker what he things, he's here pretty recently from Iran.

Data mining communications can be useful. Look at the whole Dubai thing where the gunmen used BB's to coordinate their efforts. Sometimes snooping around isn't a bad thing.

[Reed McLay]

During the past few days, I have read a lot about BlackBerry in KSA.

For example, it appears device exchage is very common. There are street vendors that were bragging about buying up hundreds of BlackBerrys when the deadline threatened, then reselling them at huge profits when the fear passed.

Take away: Nobody is tied to a PIN / IMEI for very long. Swap in their own SIM, log on to BIS to change your PIN and back in service with a new PIN. There is no paper trail for the authorities to follow.

Last week, a seperate story broke in India. It was suggested that Metatag data could be provided on request. The Metatags include the PIN/IMEI and destination BIS/BES but no content.

I wonder if these are the codes the KSA is leaking? That would be consistant with RIM's stated policy.

[shabbs]

Take away: Nobody is tied to a PIN / IMEI for very long. Swap in their own SIM, log on to BIS to change your PIN and back in service with a new PIN. There is no paper trail for the authorities to follow.

So, basically, the "evil doers" are using BBs as encrypted burn phones. The governments worst nightmare.

[shabbs]

Add India to the list of countries threatening to ban BB's unless they get "concessions" like the other countries to address security concerns...

CBC News - Money - India threatens BlackBerry ban: report

Let the madness continue!

[hoong]

And neither do the other Smartphone devices out there. The IPs can change on them as well and it won't affect your push email whatsoever. The connections are made from the client to the server just like your PC does. Your email doesn't stop flowing in just because your IP on your computer changes, does it? lol I think you're overlooking some pretty basic network infrastructure requirements here before you even get to the PIN usage on a BB. Without a TCP/IP stack connection from the carrier or another Internet Gateway, a BB wouldn't function.

You don't get what I meant, yes, for other smartphone, when IP change the email still get by, but in the back ground the phone will need to re-establish a connection even if there's no email to poll for status, so all other non BB phones needs to constantly poll (re-establish connection). BB phone, the server can actually initiate connection when there's status or email, and get push to the device where ever they are, if there's no status change nor email, the device can just run on standby.

So RIM make use of carrier infrastructure to locate the device and push info to it, other by-pass the carrier and rely on internet to constantly poll for info from the devices.

[JRSCCivic98]

During the past few days, I have read a lot about BlackBerry in KSA.

For example, it appears device exchage is very common. There are street vendors that were bragging about buying up hundreds of BlackBerrys when the deadline threatened, then reselling them at huge profits when the fear passed.

Take away: Nobody is tied to a PIN / IMEI for very long. Swap in their own SIM, log on to BIS to change your PIN and back in service with a new PIN. There is no paper trail for the authorities to follow.

Last week, a seperate story broke in India. It was suggested that Metatag data could be provided on request. The Metatags include the PIN/IMEI and destination BIS/BES but no content.

I wonder if these are the codes the KSA is leaking? That would be consistant with RIM's stated policy.

OK, so let's say the SA governements want access so as to monitor people that chat up sex or other stuff. At least this is what someone else has indicated as the case. Well, if all they get is access to the Metatag data, how do they know what the message is? What good is seeing where a messages came from and went to if they don't know what's in the message? Could be business talk or flirty talk, who knows. Then you have other people saying that BBM traffic is unencrypted anyway, so then the Metatag info should already be visible and read no matter what.

Point is, there's so much true and false info in these discussions that no one in the public will know for sure what the SA government will or will not have access to. In the end, this sort of thing should show that the BB platform is only as secure as RIM wants it to be. They have no loyalty to their customers/end users, but only to the countries/carriers they cater to. So, why is the BB platform still considered secure then if you honestly cannot know just how secure it is?

It really is just that simple...

[JRSCCivic98]

You don't get what I meant, yes, for other smartphone, when IP change the email still get by, but in the back ground the phone will need to re-establish a connection even if there's no email to poll for status, so all other non BB phones needs to constantly poll (re-establish connection). BB phone, the server can actually initiate connection when there's status or email, and get push to the device where ever they are, if there's no status change nor email, the device can just run on standby.

So RIM make use of carrier infrastructure to locate the device and push info to it, other by-pass the carrier and rely on internet to constantly poll for info from the devices.

I know how the infrastructure works. Other devices do use more battery due to the way they handle keepalives and such, but at the basic levels, a BB is still governed by the same TCP requirements as any other networked device, PIN or no PIN.

Also, a BB renews it's IP address at the same trigger levels as other smartphones... (i.e. radio cycles, reboot cycles, etc.) So, you're incorrect about that part in your posts.

Anyway, I'm pretty sure we're both saying the same things here, to some extent. Point was, when you cause a BB to act as another smartphone (i.e. nail up constant network connections) it's battery levels are far worse then the other smartphones, and they do those functions normally. It's just a design thing, that's all. A BB was designed with their Push infrastructure in place, so battery life was modeled to fulfill those perticlar needs and nothing more... which is usually normal RIM dev practices.

[shabbs]

Then you have other people saying that BBM traffic is unencrypted anyway, so then the Metatag info should already be visible and read no matter what.

RIM has indicated BBM and PIN-to-PIN traffic is scrambled, not encrypted. The scrambling process uses a global key that is present on every BB. This would lead to the logical conclusion that any BB can un-scramble the message if it manages to intercept it.

[Reed McLay]

Govt to get access to BlackBerry messenger text - Tech News - IBNLive

New Delhi: The standoff between the Research in Motion (RIM) and the government is over with the former agreeing to provide Indian security agencies lawful access to BlackBerry messenger services, sources tell CNN-IBN.


The breakthrough comes hours after the government set the August 31 deadline for RIM and mobile service providers to come up with a technical solution to assuage India's security concerns over BlackBerry services.


According to sources, the company has given security agencies an existing tool which enables them to access plain text on encrypted BlackBerry messenger. A tool is also being developed to give easier and lawful access to security agencies across the world.


However, BlackBerry has no plans to set up a server in India, sources tell CNN-IBN.
...

This may be the story in KSA too.

Software to emulate the on device de-compression is all that is required, unless its encrypted BES. Let me guess, it has been a feature of the SDK all along. Just a matter of helping them, help themselves.

Combine this with metatag data, you can compile a state security database.

BlackBerry - Customer Statements

Customer Update - August 12, 2010

In response to the statement published today by the Government of India, and further to RIM’s Customer Update dated August 2, RIM wishes to provide this additional information to its customers. Although RIM cannot disclose confidential regulatory discussions that take place with any government, RIM assures its customers that it genuinely tries to be as cooperative as possible with governments in the spirit of supporting legal and national security requirements, while also preserving the lawful needs of citizens and corporations. RIM has drawn a firm line by insisting that any capabilities it provides to carriers for “lawful” access purposes be limited by four main principles:

1. The carriers’ capabilities be limited to the strict context of lawful access and national security requirements as governed by the country's judicial oversight and rules of law.

2. The carriers’ capabilities must be technology and vendor neutral, allowing no greater access to BlackBerry consumer services than the carriers and regulators already impose on RIM’s competitors and other similar communications technology companies.

. No changes to the security architecture for BlackBerry Enterprise Server customers since, contrary to any rumors, the security architecture is the same around the world and RIM truly has no ability to provide its customers’ encryption keys. Also driving RIM’s position is the fact that strong encryption is a fundamental commercial requirement for any country to attract and maintain international business anyway and similarly strong encryption is currently used pervasively in traditional VPNs on both wired and wireless networks in order to protect corporate and government communications.

4. RIM maintains a consistent global standard for lawful access requirements that does not include special deals for specific countries.

[shabbs]

Man, there is a lot of crazy reports flying out there... this one from Reuters is suggesting that RIM is going to allow India to read the encrypted corporate email communications... which flies in the face of what RIM has been telling us from day one...

BlackBerry assures India on access to services: source | Reuters

Either someone is spinning this like crazy or RIM has indeed sold it's soul to the devil.

[Reed McLay]

The source, who spoke on condition of anonymity ...

Makes fact checking a little difficult.

Robert Crow, a vice president at BlackBerry, expressed optimism that the company would resolve India's worries. "It is a step in a long journey," he said. ...

Credibility, at last.

The Associated Press: India eyes Google and Skype in security crackdown

MUMBAI, India � India may ask Google and Skype for greater access to encrypted information once it resolves security concerns with BlackBerrys, which are now under threat of a ban, according to a government document and two people familiar with the discussions. ...

[StAiChiLLiN]

From what I understood from the articles BES is encrypted and will never be de-crypted. BBM is encrypted but will be de-crypted if any government ask.
I'm I right?

Posted from my CrackBerry at wapforums.crackberry.com

[Reed McLay]

BlackBerry Messenger is not encrypted, but it has been compressed for transmission. It's kindergarten computer science to read the content with available tools like the BlackBerry Simulators, free to all from RIM.

BES managers can select from several encryption methods including the Advanced Encryption Standard (AES). That is impossible for anybody to decrypt, without the keys.

That is the one RIM stands pat on.

[ben0727]

This is a giant mess, looks like H. Clinton is next in line asking for the same requirements for the USA